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(54) Title: METHOD OF HANDLING UNINTENDED SOFTWARE INTERRUPT EXCEPTIONS 
(57) Abstract 

Unintended software-interrupt-exceptions that are detected by the INTEL-80286 © or the INTEL-80386 © micropro- 
cessors while operating in the Protected- Mode and being known as interrupts 0, 4, 5, 6, 8, 12, 13, 16, are handled by using 
exclusively task-gates, by modifying the task-state-segment of the interrupted task while the interrupt task runs to so that 
AFTER executing the interrupt return instruction at a system- central the user's task-specific exception handler can safely be 
called and by providing a method to exit the user-task-specific exception-handler for resuming the normal operation at an 
appropriate program point which the task has already passed before the exception occurred, which essentially consists of 
saving and retrieving all register values and stack data as were actual when the task passed that point in the regular process- 
ing. The same principle applies to other processors with exception detection capability. A futural processor is conceived that 
provides instructions for assigning use-task-specific exception handlers, creating and jumping to recovery points. 
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1 . Description: 



Method of handling unintended software interrupt 
exceptions: 

The invention refers to a method of handling software 
interrupt exceptions which are not caused on purpose but 
occur due to errorprone programs that are particularly 
processed on the INTEL-80286 CTM) or INTEL-80386 (TM) 
5 processor in case these processors operate in the so 
caLtecJ PROTECTED MODE, whereby its basic principle can 
also be appLied to the exception handling of unintended 
(software interrupt) exceptions of any other existing 
exception-detecting processor e.g. Like MOTOROLA'S 68020 
10 (TM) and whereby the method may even give the incentive 
for creating enhanced hardware processors that do support 
this method as weLL. 

The method is described in detaiL based on the INTEL 
8028S (TM) processor. 

15 Using the INTEL 80286 (TM) processor the utilization of 
this invention may be appropriate for exceptions as may 
be due to 
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— Division by zero C known as interrupt 0) , 

- INTO -detected overflow (known as interrupt 4), 

20 — exceeding a boundary range (known as interrupt 5), 

- im/aLid Operation code Cknown as interrupt 6), 

— double faults (known as interrupt' 8), 

- stack errors Cknown as interrupt 12) , 

— aLL kind of errors that can be categorized as 
25 general protection &rirors (known as interrupt 13), 

: — processor extension errors (known as interrupt 16), 

which are by nature exceptions that are not intended on 
purpose. 

Based on the consideration that these exceptions are not 
30 &rr*ors by their own but rather report errors that have 
been made at some other places by wrong or missing 
high-level-programming-language statements this approach 
o-f handling these exceptions will not try to restart the 
-faulty instruction but to provide full opportunity to the 
35 user task to investigate and deal with the current 
situation in the Logical level of the used high-level- 
programming- L anguage and to provide the capability to 
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resume the normal operation thereafter, no matter which 
of the Listed exception occured, yes, even if the 
40 complete stack has been destroyed prior being reported by 
a stack error exception (interrupt 1Z) . 

As is standard this invention pursues to call a user task 
specific exception handler (see literature "INTEL 28S 
Operating System Writer's Guide" page 6-7 to 6-9) however 
50 claiming novelty -for the way to do so highlighted by the 
execution of the interrupt return instruction before the 
user task specific exception handler has even been 
called. 

This is done to prevent that further exceptions that 
55 might be caused by the user task specific exception 
handler can accrue to double faults or even to processor 
shutdown. 

Furthermore this is done in a way so that the user task 
specific exception handler can safety be reached and 
60 started, i.e. that no leftover data due to the occured 
exception may cause additional exceptions nor that data 
is left behind that might be troublesome for the next 
exception. 

Dictated by the worst cases where an interrupt task gate 
65 is definitely required, the solution assumes to use an 
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interrupt task gate in the interrupt descriptor table for 
aLL above Listed interrupt numbers. The task gate may 
refer to a task descriptor in the gLobal descriptor 
table, which wiLl re-fer to a task state segment, which 
win re-fer to an interrupt task program. 



This interrupt task program may save aLL data about the 
occurance erf the exception. Like the totaL stack segment 
o-f the interrupted task as well as the contents of its 
task state segment (which means essentially aLl register 
75 values), for a Later failure report- which is reasonable 
but not significant for this invention then using the 
ALIAS-descriptor technique modify the task state segment 
of the interrupted task, particularly 

- the fields for CS and IP so that by executing the 
80 interrupt return instruction the interrupted task 

wouLd continue at a system central address, let's 
call it Z, 

- e.g. the fields for BX and CX so that by executing 
the interrupt return instruction the registers BX 
and CX would contain the address of the user task 
specific exception handler (there are wellknown 
ways how to assign/where to store/ from where to 
get the address of the user task specific exception 
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handler) , 

90 - the -fields for DS and ES to any valid and present 

datasegment's selector so that by executing the 
irvterrupt return instruction no task switch error 
(known as interrupt 10) may be caused by these 
field entries, 

95 _ the -field -for the dynamic SS entry by copying from 

the proper static SS entry with regard to the 
appropriate privilege level 0 to 2, if this can be 
done unambiguously, - otherwise we may trust it and 
keep it as is, as the user program normally doesn't 
10O touch that value, 

- the fields for SP and BP to the limit value minus 1 
of the interrupted task's stacksegment so that 
a -f= ten tne return to the interrupted task new data 
can safety be put into the stack, e.g. in order to 

105 execute the caLling of the user task specific 

exception handler, 

- e.g. the fields for DI and SI to the address of 
the segment where we might have saved all above 
mentioned data concerning the occurance o-f the 

110 exception. 
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The Interrupt task program must also clear the 

TASK SWXTCHED bit in the machine status word. The 

interrupt task program or programs that is or that are 
reached via the task gates -for exception 6, IE, 13 must 
115 aiso pop the error code from the stack of the interrupt 
task prior switching back to the previously interrupted 
task. 

By executing the interrupt return instruction the 
previously interrupted task will continue at the system 

120 central address (Z) so that from there on new values may 
be safely entered into and read from the stack, while alL 
data that had been written into the stack prior to the 
occurance of the exception will be lost and needs to be 
recovered by an unorthodox method - which is an essentiaL 

125 part of this invention as well. 

At the system central address Z the user task specific 
exception handler is to be calLed Cits address may be 
stored in the registers BX and CX) , eventually provided 
with the input (parameter) of the address of the 
130 data-segment that contains the data about the occurance o-f 
the exception, unless the user task hasn't been assigned 
the address of a specific exception handler. Xn the 
Latter case a system master exception handler program may 
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be called, by using a task gate, to provide more general. 
135 reaction service. 

The user task specific exception handLer is supposed to 
investigate the current situation and deal with the 
problem appropriately, to do this in the adequate logical 
level (normally in the used high level programming 

140 language), then to determine the best suitable point of 
the task's program, let's call it a recovery point, and 
to "dump" there, not dust by setting code segment 
register (CS) and instruction pointer register (IP) to 
that point's address but by loading all stack data and 

145 all register values (inclusively CS and IP at last) as 
has been actual when the task's program -flow passed that 
point the last time. This kind of "dump" must nave been 
supported by the user's program when it passed that 
program address in the regular processing by writing all 

150 the data, i.e. stack and all register values enhanced by 
the self-descriptive information of how many bytes are 
saved, into a particular datasegment of appropriate size 
whose address must be saved at a distinctive memory 
address for being retrieved again. 

155 As theoretically the same program code may be processed 
while using different tasks, the "dump" to the recovery 
point may only, be allowed if the actual stack segment 
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value is equal to the stack segment value as retrieved 
from that datasegment . LegaL "jumps" to the same 
160 recovery point while being in different tasks must be 
matched by using different, task specific datasegments 
for storing the recovery point's characterizing data. 

In case the user task specific exception handler does not 
try to exit by "dumping" to a recovery point or in case 

165 the attempted "dump" to a recovery point is rejected it 
will terminate by the normal 

subroutine-return-instruction which allows us to call the 
system master exception handler by using a task gate 
which in any particular program branch may either exit by 

170 "dumping" to any other recovery point or initiate the 
rebooting of the system. 

Using this method a computer system or an executed user- 
program cannot crash anymore in all applicable 
situations. MuLti-usei — r multi-application, 
175 multitask-systems which otherwise might even deteriorate 
each other and wind up in softrestarting/hardrestarting 
the entire system will benefit as each task will be able 
to stay in full control by its own. Without this method 
the exception detection capability may be considered as 
180 being disadvantageous, especially if less damage is 
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caused by processing undefined data rather than by 
crashing the system; with it the user may tayLor his/her 
modules to get the most out of the exception detection 
capability. 

185 The implementation of this invention is by its nature an 
ideal enhancement of any Operating System that has to 
reflect hardware specifics as is the detection of 
exceptions. Part of it can be categorized as system 
configuration, part of it as Operating System service 

190 routines that are to be provided to the user, e.g. to 
"define a recovery point", which essentially means to 
save the actual register and stack values in a 
retrievable way, or to "jump to a recovery point", which 
means to retrieve and load these values into registers 

195 and stack, or to initialize involved data. 

In case it is applied "outside" of any standard Operating 
System it may improve Just those systems/devices (e.g. 
PC's) of those manufacturers that provide it in addition 
to/and overruling the Operating System, or in case it is 
200 applied "outside of the base system" but being a part of 
certain application software packages these may benefit 
e.g. by coping with internal errors or inproper data 
input by their customers. 
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2-Patent claims: 

1. Method to cope with the probLems resulting from 
software interrupt exceptions, which occur due to program 
errors rather being intended on purpose and which are 
detected by the INTEI_-80286 CTM) or the INTEL.-80386 CTM) 
5 processor while operating in PROTECTED MODE, by enabling 
the calling of a user task specific exception handler 
upon the occurance of exceptions as may be given by 
software interrupt numbers 0,4,5,5,8,12,13,16 

whereby the method is characterized particularly, 
10 by using task gates for all respective entries in the 
interrupt descriptor table, i.e. for entries 

0,4,5,8,8,12,13,16, which may refer to task descriptors 
in the global descriptor table which may refer to task 
state segments which may refer to interrupt task 
15 programs, 

and by the activities of these interrupt task programs, 
which must pop the ERROR CODE however only in case the 
interrupt task programs are determined for the- interrupts 
8,12 or 13,. while all of them must clear the 
20 TASK_SWXTCHED bit of the machine status word and must 
modify the task state segment of the interrupted task so 
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that by executing the interrupt-return instruction a task 
switch back to th© interrupted task will occur in such a 
way that this task win continue to run at a system 

25 central address, that then the address of the user task, 
specific exception handler is avaiLabLe in a pair o-r 
suitable registers, that then new data can safely be 
written into and read from the stack, i.e. that then the 
stackpointer and basepointer are set to the limit minus 1 

30 of the actual stacksegment, that the 

data-segment-register and the extra-segment-register 
cannot cause a task switch error (interrupt 10) being 
explicitly set to any valid and present clatasegment, 
and by then returning to the previously interrupted task, 

35 which means by continuing at a system central address, 

and by then calling the user task specific exception 
handler whose address is available in a suitable pair o-f 
registers so that the individual application-dependent 
user task specific exception handler, which may as well 

40 cause unintendend exceptions, may not wind up in double 
fault or processor shutdown, 

and by the technique how to exit the user task specific 
exception handler which is done by "Jumping" to a program 
point of the task, which I like to call recovery point 
45 and which is appropriate to resume the normal operation 
after having ingestigated and handled the current problem 
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situation from the user application's point of view, that 
is done by retrieving and Loading all register values and 
stack data as have been actual when -the regular program 

50 processing passed the address of that recovery point at 
-the last -time prior to the occurance of the exception, 
and by -the technique how to store these register values 
and stack data when the task program passes a program 
point that is suitable for toeing retrieved upon the 

55 occurance of a software interrupt exception in order to 
resume the normal operation as is done by storing 
register values and stack data into a datasegrnent of 
appropriate size in a retrievable way i.e. together with 
additional self-descriptive information as the number of 

60 stack: words is a variable information and by memorizing 
the address of the datasegrnent at a well de-fined place. 

Z. Method to cope with tine problems resulting -Prom 
software interrupt exceptions, which occur due to program 
errors rather being intended on purpose and which are 
55 detected by any microprocessor that provides the 
capability to get to a separate program area upon the 
occurance of such exceptions and that provides as well an 
interrupt-return instruction for counter — processing what 
has been processed due to the exception detection 
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70 which is characterized 

by taking preparations prior to the execution of the 
interrupt-return instruction in such a way, 

that in the moment of executing the interrupt-return 
instruction all processor knowledge and processor 

75 impact about the occured exception is cleared and no 

further exception can be caused due to register 
values as has been actual for the faulting 
instruction, whereby registers and other data may 
freely be modified to achieve this, 

80 that after the execution of the interrupt-return 

instruction the program will continue at a certain 
system central address and not at the address of the 
faulting instruction, 

that then appropriate registers are set so that the 
S5 complete stack is made available, 

if necessary, that then the address of the user's 
exception handler is available, 
by then executing the interrupt-return instruction, 
by then calling the user's exception handler which is 
90 supposed to investigate and handle the actual problem 
situation from the application dependent point of view 
and to determine the most suitable program point for 
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resuming the normal operation, 

toy enabling the user's exception handler to "jump" there 
95 which is done by retrieving alL register values and stack 
data as has been actual when the regular program flow 
passed that program . point the last time prior to the 
occurance of the exception, 

by supporting such "pumps" which is done by saving all 
100 aczual register values and stack data in a retrievable 
way at moments when the reguLar program processing passes 
program points that are suitable -for being dumped— to -for 
resuming the normal operation, 

3* Enhancement of any microprocessor that is able to 
105 cretect exceptions which are de-fined according to its own 
specific design and which typically occur due to the 
execution of errorprone programs rather being used on 
purpose 

which is characterized by 

110 providing an extended set of assembler code instructions, 
particularly an assembler code instruction for assigning 
a task the- address of a procedure to be determined as the 
task's exception handler program, 

particularly an assembler code instruction for creating a 
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115 recovery point, i.e. for saving all register values and 
stack data as are valid when this instruction is invoked, 
whereby any kind of token is returned by an output 
parameter of any type, which can be used by another 
instruction to retrieve the hereby saved register values 

120 and stack data and which is mentioned next, 

particularly an assembler code instruction to jump to a 
recovery point, i.e. to retrieve register values and 
stack data due to an input parameter which contains the 
token that has been returned by the instruction Just 

125 mentioned before, 

and if necessary an assembler code instruction to release 
a recovery point, i.e. to reLease the required memory 
where stack data and register values of a program point 
are stored in case the overall design requires it to 

130 manage limitation aspects, 

so that the user has only to call the new instructions at 
the appropriate places, e.g. 

at the beginning of the task the one to assign a 
usei — task-specific exception handler, 
135 at an appropriate program point for the resuming of the 
normal operation of the task after the occurence of an 
exception the one to create a recovery point, 
at the end of any branch o-f the usei — task-specific 
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exception handler the one to dump to a recovery point. 
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